Torch uses IA best practices and processes to develop, implement, monitor, and analyze Controls Validation Testing (CVT), Certification and Accreditation (C&A), and Computer Network Defense (CND). We routinely produce the following: comprehensive DIACAP packages; “QuickLook” Scan-Only reports; Connection Authorizations; Authorizations to Operate; and Authorizations to Test. We organize the data generated from these tests for storage and sharing using tools such as eMass and an enhanced Enterprise SharePoint solution. In addition, Torch performs network scans using equipment and software algorithms such as eEye Digital Retina, Assured Compliance Assessment Solution, and NEXPOSE vulnerability scanners. Torch uses its proven processes and tools to accomplish event detection & reporting, containment, response, recovery and post-incident analysis.
Implementation of application security using tools such as
Fortify 360 for automated source code analysis to detect
Network Defense and Intrusion Detection
Use of local and network scanning tools to assist in overall analysis in order to determine the true risk of threats and vulnerabilities.
Risk Management Framework
Implementation, administration, support, and management of DIACAP and RMF transition; along with other federal cyber security compliance mandates such as Federal Information Security Management Act of 2002 (FISMA), Federal Information Processing Standards (FIPS) Publications, and NIST Special Publications (800 Series).
Specialized Scientific Environments
Torch provides IT solutions for data management and scientific computing applications. Torch personnel have database development, web application programming, and enterprise software development experience. We apply a CMMI Level 3 software development environment to perform design and requirements analysis, implementation, quality assurance, training, documentation, and deployment. This experience is used to develop and maintain data warehouses, enterprise reporting systems, data analysis tools, and management information systems. We also develop and support enterprise-wide information systems to include designing, developing, installing, modifying, and maintaining computer hardware, software, and associated peripherals and licensing agreements. We manage routine upgrades, system security scans and configuration, security accreditation, and disaster recovery programs. Torch is also responsible for network support for classified and unclassified systems.
High Performance and Classified
Engineering design of multiple large computer clusters and their associated networks, in addition to implementing them into classified environments and providing life cycle maintenance for the clusters.
Local and enterprise database and tool development for managing test resources; test results from live, constructive, and virtual engagements; and simulation configurations and results.